Open Source Infrastructure Auditor by SolDevelo

💰

Reduce Costs

Identify expensive mistakes like oversized instances, unmanaged disks, or missing lifecycle rules.

Learn how we help
🛡️

Fix Security

Scan for open ports, unencrypted storage, and risky IAM policies before deploying to production.

Our security approach

GitHub Ready

Just paste your repository URL. No complex setup or cloud credentials required for the initial scan.

Get expert advice
Comprehensive scans for AWS cost antipatterns, IaC security issues (Checkov), and container vulnerabilities.
Private Mode Scan won't appear in the "Recent Scans" list
Supported: Terraform AWS Kubernetes

🕒 Recent Scans

History of the latest infrastructure scans performed by InfraScan.

v1.0.3 March 12, 2026
  • Added option to scan in CI/CD using InfraScan CLI
v1.0.2 March 3, 2026
  • Added **Private Mode** toggle: scans can now be performed without appearing in the public "Recent Scans" history
  • Implemented **Pagination** for "Recent Scans" (5 scans per page) for improved navigation and history management
  • Enhanced privacy controls: private scans are still accessible via their unique share links
  • Optimized recent scans loading performance with frontend data slicing
v1.0.1 February 4, 2026
  • Enhanced "One-Pager" dashboard with dynamic container expansion (up to 1400px)
  • Two-column optimized layout: side-by-side Cost and Security findings
  • Branding refresh: Integrated SolDevelo logo and detailed service value propositions
  • Intelligent UX: Automatic feedback request triggered by report engagement (scroll-based)
  • Added "Scroll to Top" functionality for easier navigation of long reports
  • Improved result persistence when switching between application tabs
  • User-friendly terminology: rebranded technical terms to "Cost" and "Security" focus
  • Fixed feedback modal accessibility and closing logic
v1.0.0 January 21, 2026
  • Advanced dual-engine analysis: Real-time pattern matching and deep security inspection
  • Comprehensive rule set covering cost, security, and compliance best practices
  • Multi-tier scanning: Rapid assessment or deep infrastructure audit
  • Enterprise features: Budget tracking, spot instance optimization, and S3 lifecycle management
  • Intelligent repository analysis with automated risk grouping
  • Professional dashboard with severity-based prioritization
  • Optimized for modern AWS and Terraform architectures
Official CLI

🚀 Local & CI/CD Usage

Experience the full power of InfraScan on your terms. Audit private infrastructure securely, integrate into your DevOps pipelines, and generate professional reports locally.

🏠 Run Locally with Docker

Perfect for private projects. Your code stays on your machine, scanned by a self-contained environment.

Terminal / Bash
docker run --rm -v $(pwd):/scan soldevelo/infrascan:latest

💡 Mounts your current directory to /scan and provides immediate CLI feedback.

🤖 GitHub Actions

Stop vulnerabilities before they reach production. Seamlessly integrate InfraScan as a gatekeeper in your PRs.

.github/workflows/infrascan.yml
steps:
  - uses: actions/checkout@v4
  - name: Run InfraScan Audit
    run: |
      docker run --rm \
        -v ${{ github.workspace }}:/scan \
        soldevelo/infrascan:v1.0.3 \
        --fail-on high_critical

📊 Professional HTML Reports

Generate beautiful, shareable HTML audit reports directly from the command line.

Generate audit.html
docker run --rm -v $(pwd):/scan soldevelo/infrascan \
  --format html --out /scan/audit.html

Need more control? Explore all CLI arguments in our Documentation on GitHub.